testing purchase_email but getting 401 with AllowAny

products/tests.py

@@ -6,6 +6,7 @@ from urllib.parse import quote
 
 from django.utils import timezone
 from django.test import TestCase
+from django.core import mail
 
 from rest_framework.test import APITestCase
 from rest_framework import status
@@ -1195,3 +1196,38 @@ class FindRelatedProductsTest(APITestCase):
         # assert result
         self.assertTrue(len(results) == len(expected_instances))
 
+
+class PurchaseEmailTest(APITestCase):
+
+    def setUp(self):
+        """Tests setup
+        """
+        self.endpoint = '/api/v1/purchase_email/'
+        self.factory = ProductFactory
+        self.model = Product
+        # create user
+        self.email = f"user@mail.com"
+        self.password = ''.join(random.choices(string.ascii_uppercase, k = 10))
+        self.user = CustomUserFactory(email=self.email, is_active=True)
+        self.user.set_password(self.password)
+        # self.user.role = 'SITE_ADMIN'
+        self.user.save()
+
+    def test_anon_user_can_use(self):
+
+        company = CompanyFactory()
+        product = ProductFactory(company=company)
+
+        data = {
+            'email': self.email,
+            'telephone': '123123123',
+            'company': company.id,
+            'product': product.id,
+            'comment': '',
+        }
+        response = self.client.post(self.endpoint, json=data)
+        import ipdb; ipdb.set_trace()
+        # assertions
+        self.assertEquals(response.status_code, 200)
+        self.assertEquals(2, len(mail.outbox))
+

products/views.py

@@ -11,7 +11,7 @@ from django.contrib.auth import get_user_model
 from rest_framework import status
 from rest_framework import viewsets
 from rest_framework.response import Response
-from rest_framework.permissions import IsAuthenticatedOrReadOnly, IsAdminUser, IsAuthenticated
+from rest_framework.permissions import IsAuthenticatedOrReadOnly, IsAdminUser, IsAuthenticated, AllowAny
 from rest_framework.decorators import api_view, permission_classes, action
 from rest_framework.filters import OrderingFilter
 
@@ -247,6 +247,7 @@ class CategoryTagAutocomplete(autocomplete.Select2QuerySetView):
         return qs       # [x.label for x in qs]
 
 
+@permission_classes([AllowAny,])
 @api_view(['POST'])
 def purchase_email(request):
     """Notify coop manager and user about item purchase
@@ -275,7 +276,7 @@ def purchase_email(request):
     if not manager and manager.role != 'COOP_MANAGER':
         return Response({"error": "Company has no managing user"}, status=status.HTTP_406_NOT_ACCEPTABLE)
     # get product
-    product = Product.objects.filter(id=data['product']).first()
+    product = Product.objects.filter(id=data['product'], company=company).first()
     if not product:
         return Response({"error": "Invalid value for product"}, status=status.HTTP_406_NOT_ACCEPTABLE)